Comments on: Inception: a tool for compromising the slumber of computers with full-disk encryption
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html
Brain candy for Happy Mutants
Feed last built: Mon, 15 Sep 2014 23:11:17 +0000

By: OoerictoO
Mon, 07 Jan 2013 17:41:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1621789

Of course you are correct, but in defense of the ignorant, it would be theoretically possible to use another processor (superIO, etc.) to boot the entire shebang just like we do from POST. But of course this would be an entirely different world…

By: OoerictoO
Mon, 07 Jan 2013 17:34:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1621782

From TFA: “You can use any interface that expands the PCIe bus, for example PCMCIA, ExpressCards, the new Thunderbolt interface and perhaps SD/IO [SDcard] to hotplug a FireWire interface into the victim machine.”

By: dragonfrog
Sun, 06 Jan 2013 00:01:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1621149

Nope. Firewire devices have to request DMA access before using any DMA capabilities. The Firewire driver is in charge of granting that request.

By: LightningRose
Fri, 04 Jan 2013 23:36:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620741

Oh? Then please explain how an interrupt is processed, causing a disk to spin up and a driver to be loaded to RAM and linked into the kernel, if the CPU is “turned off”?

In sleep mode the CPU is in a low power state, but it is still executing code.

By: Aneurin Price
Fri, 04 Jan 2013 20:25:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620616

No, because the kernel is code running on the CPU, and the CPU is *turned off*.

By: oasisob1
Fri, 04 Jan 2013 20:16:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620607

No. The first rule is to always look cool.

By: KvH
Fri, 04 Jan 2013 20:03:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620597

If this were true your computer would never come out of sleep, as there would be no way to detect mouse, power switch, or keyboard actions. The only thing it would be doing is refreshing the RAM, not checking for hardware events that are supposed to wake it up.

The DMA part of firewire doesn’t need OS-level drivers installed. It’s a function of the motherboard. Both Windows and Macs are vulnerable to the add-in card scenario, although only one current model of Mac even allows add-in cards; the laptops, iMacs and Mac mini don’t.

For Macs with built-in firewire (and thunderbolt, which is vulnerable as well) the problem was fixed in 10.7.2 and DMA access is disabled on sleep. Not sure on Windows, but since Microsoft doesn’t make the PC hardware at the moment they may be more vulnerable.

PGP is less vulnerable as long as your hibernation and page files are on encrypted volumes. On sleep the key is erased from memory and the user must re-enter their password on wake before the drives can be used. If you use whole disk on your boot volume you’re probably ok.

By: Keith Tyler
Fri, 04 Jan 2013 19:15:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620574

I’m not entirely sure what is meant by the computer is asleep, but I can pretty much guarantee that when I put my machine into sleep mode, the only thing it does is trickle-feed power to the RAM. Everything else, including processing, stops. That’s actually the whole point. (Yes, the OS has to be aware of the sleep function, but that is only to prepare itself for the stasis it is about to go into.) Any hardware changes you make while it is sleeping will not be noticed until you wake it up. (I suppose it is conceivable that the sleep function could be designed to wake on hardware change, but that would require something stay awake to look for them… and then, it wouldn’t be a sleeping computer anymore, would it?)

But maybe they aren’t talking about computers. Maybe they are talking about Macs. (ooh, burn) I’ve no idea what sort of stupid things Macs do when they are asleep or what stupid redefinition of “sleep” Apple uses, but if either are this fucked up, IMO it is just another one of the 92438765879436587 reasons to never use a Mac. Too much hand-holding and automagical system actions (like, say, polling for hardware changes and downloading and installing drivers, all while asleep, in the name of “Easy!”) leads to what we like to call gaping security holes.

I guess it makes sense if “asleep” means “powered off and hibernating”, provided you can wake the machine up from hibernation without requiring a password?

By: awjt
Fri, 04 Jan 2013 18:35:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620550

If you can touch Fight Club, you do not trust or talk about Fight Club. But you can own it.

By: PeterNBiddle
Fri, 04 Jan 2013 17:58:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620530

This one, AGAIN? Sheesh.

In the real world, if you care about securing your computer, you can already store the key off-board AND require a HW backed PIN that is quite robust. You can do this for hibernate if you like standby but are worried about security. And BitLocker wipes memory *even on an unplanned power-down* so you’re covered there too.

Also note that we developed an additional cipher for BitLocker that makes grinding out the PW check auth code extremely difficult by adding cross-block-level randomness to the disk, so you can’t reboot over and over again and look for diffs and try to find the registry setting requiring PWs amidst a sea of random.

Also on my machine, installation of admin-privileged code (that includes DMA driver updates and replacement of PW code, last I checked) requires a user confirmation, which a device isn’t going to be able to do… not unless it is also somehow replacing the mouse driver. Which would require user auth.
What am I missing here? How do you get past UAC?
Which it’s recursive, innit?

By: LightningRose
Fri, 04 Jan 2013 16:11:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620487

It’s software that puts the system to sleep. Trust me, the kernel knows about it.

By: invictus
Fri, 04 Jan 2013 16:07:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620484

It used to be, but someone got physical access to Fight Club and overwrote the rules with nothing more than a FireWire cable.

By: Guysmiley
Fri, 04 Jan 2013 15:13:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620449

Have you shopped for one of these “crazy foldable battery computers” in the past few years? Good luck finding any that have an ExpressCard slot. USB3 and eSATA have effectively made it obsolete.

By: bardfinn
Fri, 04 Jan 2013 15:11:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620446

So, the upshot here is: for real security, shut your machine down when not using it, and require a boot password, and have strong disk encryption, and have a way to disconnect – physically – FireWire ports and PCMCIA slots and anything else that uses DMA, and also be able to reliably detect case openings.

By: bardfinn
Fri, 04 Jan 2013 15:06:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620442

Nah. The drivers for the OS are primarily to coordinate keeping the OS from reading/writing the same memory as DMA devices at the same time. Removing them doesn’t stop the FireWire device from having DMA access.

By: bardfinn
Fri, 04 Jan 2013 15:02:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620440

Depends on where your disk decryption is handled. If the chipset on the disk is doing encryption and decryption, then possibly you could just unplug and replug data cables, unless the disk ditches the decrypt tables on unplug events. If the OS is doing encrypt and decrypt of the filesystem, hitting the cable won’t do anything.

By: bardfinn
Fri, 04 Jan 2013 14:55:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620436

Actually, DMA means just that – Direct Memory Access, without CPU or OS intervention. The particular mode here sets up DMA to the lower 4 GB, without signaling the portion of the operating system that could stop the process. The OS is given a signal that this hardware setup is happening, load your driver – but whether it loads a driver or not (a driver that essentially does little more than coordinate flags so that it doesn’t write/read the exact same memory the DMA device is at the same time), the FireWire device is getting DMA, because that’s in the firmware.

By: bardfinn
Fri, 04 Jan 2013 14:47:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620429

They’d just have a special case for those OSes that finds the function that attempts to decrypt the file system with the password provided, and insert a function that attempts with the keys already in the keyring — back-patching.
Most modern OSes encrypt with keys, stored in a keyring management system, which is itself unlocked by the provided password.
Some OSes’ kernel teams / encryption teams aren’t going to write special-case code to handle “what if someone has FireWire/DMA access”, especially if file system decryption is a time-intensive / RAM-intensive task to begin with, and the OS itself is on the encrypted disk.
Even if the user filesystems are separately encrypted, the kernel’s compromised, so as soon as those are decrypted (when the user logs on), those keys are compromised.

The scarier possibility here, is that DMA access allows for arbitrary code execution, which allows for patching arbitrary firmware of any chipset or device on the machine, permanently compromising the device even if the filesystems are entirely replaced.

By: Ðæfiþ Hus
Fri, 04 Jan 2013 14:26:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620419

It’s even easier. Just unplug the data cable, leave the power plugged in, plug your own data cable into the (not) encrypted HDD and copy/edit/delete stuff as you wish. Works for most computers. (The problem is not the HDD but the implementation in the system; the system should encrypt the HDD on sleep, not leave it decrypted, which is totally facepalm.)
There is a talk on that topic from the 29C3 of the CCC in Hamburg; look it up, it must be somewhere on YouTube. Firewire is nice but not the best way to do it because you could be faced with flipping bits.

By: bardfinn
Fri, 04 Jan 2013 14:22:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620417

“Sleep” means “shut down power-hungry components such as video, hdu, fans, and anything needing a fan”. The CPU still operates, as does RAM, and often the net interface continues to operate (all at decreased clock speed), so the machine can handle wake signals, wake-on-LAN, and system-level events (hardware events).

By: Paul Davis
Fri, 04 Jan 2013 14:17:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620414

That is all true. But none of that means or requires that a device gets access to arbitrary areas of system RAM without intervention by the OS. The fact that you CAN grant a device access to RAM for DMA doesn’t mean that you have to.

By: Paul Davis
Fri, 04 Jan 2013 14:14:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620412

Part of the idea of disk encryption was to break (or at least fracture) the link between physical access and “owning it”.

By: Boundegar
Fri, 04 Jan 2013 13:32:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620400

I thought it was: You do not talk about Fight Club.

By: Max Allan
Fri, 04 Jan 2013 13:21:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620397

I’d be interested to know if SATA has similar issues (how many full-size PCs have an eSATA connection on the back?). It is a lot more likely to have SATA than firewire, and the drivers will already be loaded / be pretty much required to boot (so you can’t simply delete them).
(If so, we’ve now gone from an attack that mainly hits laptops and older PCs with firewire to an attack that hits a large number of modern PCs and laptops without even needing to open the box.)

What gets me is that the target machine can successfully load drivers etc while sleeping. Surely “sleep” means “don’t do any processing and keep memory state static” ?

By: fuzzyfuzzyfungus
Fri, 04 Jan 2013 12:47:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620392

It might be more helpful to look into the possibility of better handling the keys for an encrypted filesystem.

If my reading is correct, the cool part of this attack is not the ability to stub out the password verification step (being able to do so with just a firewire cable is certainly nice, and more elegant than popping out the drive and then either reading what you want on a different system or overwriting the locally stored password hashes and logging in that way); but the fact that, if the computer is sleeping, the secret key that allows decryption of an encrypted filesystem is protected only by the (breakable) password verification step, rather than actually requiring knowledge of the password, as it would if you were cold booting.

In an ideal world, the sleeping system would not actually be storing the decryption key at all, only enough to infer it with access to the real password (so, even if the attacker stubbed out verification, they’d still get a garbage decryption key unless they used the correct password).

That would make things significantly more complex, since the system would have to have enough unencrypted components to wake from sleep and ask for credentials without panicking horribly; but not so many unencrypted components that useful fragments of user information could be gathered; but if it were possible it would also reduce the DMA attacks to a merely more convenient flavor of ‘just pop out the HDD’ attack…

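The design point made by fuzzyfuzzyfungus just above, and by KvH earlier in the thread about PGP erasing its key on sleep, can be shown concretely: a volume key that stays in RAM behind a password comparison is exposed to any memory read, whereas a sleep image that keeps only a salt and a password-wrapped copy of the key has nothing to read and must rebuild the key from the real password on wake. The following Python is an added example written for this page; it is not code from any of the commenters, from Inception, or from any disk-encryption product. The PBKDF2 iteration count, the SHA-256-keystream-plus-HMAC key wrap (a simplified stand-in for a real key-wrap or AEAD primitive), the sample password and the random volume key are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

KDF_ITERS = 100_000   # PBKDF2 work factor; an assumed value for this demo
KEY_LEN = 32


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key (KEK) via PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERS, dklen=KEY_LEN)


def wrap_key(kek: bytes, volume_key: bytes) -> bytes:
    """Encrypt-then-MAC wrap of the 32-byte volume key under the KEK.
    Simplified stand-in for a real key wrap: SHA-256 keystream plus an HMAC tag."""
    stream = hashlib.sha256(b"keystream" + kek).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, stream))
    tag = hmac.new(kek, b"wrap" + ct, "sha256").digest()
    return ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Recover the volume key, or None when the KEK (i.e. the password) is wrong."""
    ct, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    expected = hmac.new(kek, b"wrap" + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = hashlib.sha256(b"keystream" + kek).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


@dataclass
class SleepImage:
    """What stays in RAM while the machine sleeps."""
    salt: bytes
    wrapped_key: bytes            # KEK-wrapped volume key, present in both designs
    volume_key: Optional[bytes]   # plaintext key: retained (weak) or zeroed (hardened)
    pw_verifier: Optional[bytes]  # password hash the weak design compares on wake


def prepare_sleep(password: str, volume_key: bytes, retain_key: bool) -> SleepImage:
    """Build the sleep-time memory image for either design."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    return SleepImage(
        salt=salt,
        wrapped_key=wrap_key(kek, volume_key),
        volume_key=volume_key if retain_key else None,
        pw_verifier=hashlib.sha256(salt + password.encode()).digest() if retain_key else None,
    )


def key_visible_in_ram(img: SleepImage) -> Optional[bytes]:
    """The plaintext key as it sits in RAM during sleep. A memory read (DMA or
    otherwise) sees exactly this; the password check on wake does not protect it."""
    return img.volume_key


def wake(img: SleepImage, password: str) -> Optional[bytes]:
    """Resume. Weak design: gate the retained key behind a comparison.
    Hardened design: there is no key to gate; it must be re-derived from the password."""
    if img.volume_key is not None:
        candidate = hashlib.sha256(img.salt + password.encode()).digest()
        return img.volume_key if hmac.compare_digest(img.pw_verifier, candidate) else None
    return unwrap_key(derive_kek(password, img.salt), img.wrapped_key)


def demo() -> dict:
    """Compare the two designs on a constructed volume key and password."""
    vk = os.urandom(KEY_LEN)  # constructed sample volume key
    weak = prepare_sleep("correct horse", vk, retain_key=True)
    hard = prepare_sleep("correct horse", vk, retain_key=False)
    return {
        "weak_key_in_ram": key_visible_in_ram(weak) == vk,        # True: key is exposed
        "hard_key_in_ram": key_visible_in_ram(hard) is not None,  # False: nothing to read
        "hard_wake_right_pw": wake(hard, "correct horse") == vk,  # True: password rebuilds it
        "hard_wake_wrong_pw": wake(hard, "battery staple"),       # None: wrong KEK fails the tag
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened image has the cost the comment anticipates: the wake path has to run the KDF and ask for the password before any encrypted volume is usable, and the components needed to do that must themselves live outside the encrypted volume. What it buys is that the secret no longer depends on a comparison that code with memory access could short-circuit.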
By: Dlo Burns
Fri, 04 Jan 2013 06:37:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620342

I thought the first rule was trust no one.

By: bill_mcgonigle
Fri, 04 Jan 2013 06:02:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620334

wat? How is the kernel even going to be aware if the hardware is sleeping? I think they mean the PCIe bus will load the device firmware when it’s hotplugged.

Also: glad I got the cheaper laptop without expansion slots!

By: fuzzyfuzzyfungus
Fri, 04 Jan 2013 05:57:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620330

DMA is used because it is both faster and substantially less demanding of CPU time than the alternatives. PIO is a serious drag on performance, especially if your situation requires high, and predictable, throughput in a system that may be under other sorts of load (as in, for example, a computer ingesting a DV tape over firewire and dumping it to disk).

The demand for hot-pluggable external ports on computers that are kept outside physically secure environments makes this hitherto largely theoretical problem a more serious concern (ISA and PCI were also vulnerable, in the ages when dinosaurs wandered the earth; but you’d notice before somebody screwdrivered open your IBM PC and popped a malicious card in, even assuming that that wouldn’t kill the motherboard…); but it isn’t as though this is an aberration of some kind in a single standard; DMA shows up in a great many high-speed (or high-speed for their time) interfaces because it is good at what it does.

By: tros
Fri, 04 Jan 2013 05:47:00 +0000
http://boingboing.net/2013/01/03/inception-a-tool-for-compromi.html#comment-1620321

I suggest looking up the benchmarks between FireWire (@ 400Mbps) drives, in comparison to USB 2.0 (@ 480Mbps), and I think you’ll understand what made DMA so appealing to have on peripherals.